Privacy Policy

Last Updated: 05/05/2025

This Privacy Policy describes how ThreadSifter collects, uses, and shares information in connection with your use of our services, which involve interaction with Reddit Services.

1. Information We Collect

We collect information about you in a few different ways when you use our Service:

1.1. Information You Provide Directly (via Reddit OAuth)

When you connect your Reddit account to our Service, we collect the following information from Reddit:

• Reddit ID: Your unique Reddit user identifier.
• Reddit Username: Your Reddit username.
• Access and Refresh Tokens: Tokens provided by Reddit that allow us to interact with the Reddit API on your behalf. These are necessary to provide the core functionality of the Service.
• Profile Data: Other information from your Reddit profile that you consent to share, which may include your Reddit avatar URL, karma, account creation date, and other publicly available or authorized information. This is stored as `profileData` in our system.

1.2. Information We Collect Automatically

When you use our Service, we may automatically collect certain information:

• Log Data: Our servers automatically record information ("Log Data") created by your use of the Service. Log Data may include information such as your IP address, HTTP request method, requested URL, server response status, response time, and content length. We use `morgan('dev')` for logging, which captures these details.
• Error Information: If an error occurs while you are using the Service, we may collect detailed error logs. These logs can include the request path, request headers (which may include your User-Agent, Referer, etc.), the body of the request (which may contain data you submitted), the specific error message, and if you are authenticated, your user ID. This information is stored in our database to help us diagnose and fix issues.
• Usage Information: We may collect information about how you use our Service, such as the features you use and the actions you take.

1.3. Information Related to Specific Features

• "Deepsearch" Feature Data: If you use our "Deepsearch" feature, we collect and store the inputs you provide, such as the target subreddit, your search queries or prompts, and configuration settings. We also store the reports and content generated by this feature. You have the option to mark these tasks as "shared" or "unshared."

2. How We Use Your Information

We use the information we collect for various purposes, including:

• To Provide and Maintain the Service: To authenticate you, allow you to use the Service's features (like "Deepsearch"), and interact with the Reddit API on your behalf using your stored tokens and profile data.
• To Improve and Personalize the Service: To understand how users interact with our Service, to enhance user experience, and to develop new features.
• To Communicate with You: To respond to your inquiries or provide you with information about the Service.
• For Security and Stability: To monitor for and prevent fraudulent activity, to diagnose and fix technical issues (using error logs), and to protect the security and integrity of our Service.
• To Fulfill Your Requests: For example, to process your "Deepsearch" tasks and generate reports.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• With Reddit: Your information (such as access tokens and profile data) is inherently shared with Reddit as part of the authentication process and when our Service interacts with the Reddit API on your behalf to fetch data or perform actions as per the Service's functionality.
• With Third-Party AI Providers:

  Our "Deepsearch" feature and potentially other features may use third-party AI services (such as Google Gemini and OpenAI models) to process your prompts and generate content (e.g., titles, reports). When you use these features, the relevant input data (e.g., your prompts, selected text for analysis) will be sent to these AI providers.

  These providers have their own privacy policies and terms of service that govern their use of your data. We encourage you to review them:

  • Google:https://policies.google.com/privacy
  • OpenAI:https://openai.com/policies/privacy-policy

  We are not responsible for the data practices of these third-party AI providers.

• Service Providers: We may share your information with third-party companies and individuals that perform services on our behalf (e.g., hosting, database management, analytics, error tracking). These service providers are authorized to use your information only as necessary to provide these services to us.
• For Legal Reasons: We may disclose your information if we believe it's necessary to comply with a law, regulation, legal process, or governmental request; to protect the safety of any person; to address fraud, security, or technical issues; or to protect our rights or property.
• Business Transfers: If we are involved in a merger, acquisition, bankruptcy, reorganization, or sale of assets, your information may be sold or transferred as part of that transaction. We will notify you of any such deal and outline your choices in that event.

4. Data Storage and Security

We store your information, including your Reddit ID, username, access and refresh tokens, profile data, "Deepsearch" data, and error logs, in a MongoDB database. We take reasonable measures to protect the information we collect from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. However, no internet or email transmission is ever fully secure or error-free, so you should take special care in deciding what information you send to us.

Your Reddit access and refresh tokens are stored to allow the Service to operate on your behalf and to maintain your session with Reddit. We strive to keep these tokens secure.

5. Authentication Tokens (JWTs)

We use JSON Web Tokens (JWTs) for user authentication after your initial sign-in via Reddit. These tokens are essential for the Service to recognize you and maintain your session securely without requiring you to log in repeatedly.

6. Your Choices and Rights

You have certain rights regarding your personal information, subject to local data protection laws. Depending on the applicable laws, these rights may include:

• Access: You may have the right to access the personal information we hold about you.
• Correction: You may have the right to request that we correct any inaccurate personal information we hold about you.
• Deletion: You may have the right to request that we delete your personal information. Note that deleting your account with our Service will result in the deletion of your stored Reddit tokens, profile data, and other associated data from our active databases. However, some data may remain in our backups or logs for a limited period as required or permitted by law. Data you have shared via Reddit (e.g., posts, comments) will remain on Reddit subject to Reddit's policies.
• Revoking Consent/Disconnecting: You can typically revoke our Service's access to your Reddit account through your Reddit account settings. If you do so, we will no longer be able to access your Reddit data or provide services that rely on this connection. We will also delete your associated data from our active systems upon request or after a period of inactivity, in accordance with our data retention policies.

To exercise these rights, please contact us using the contact information provided below.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. We may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Error logs and server logs may be retained for a shorter period.

If you delete your account or revoke access, we will take steps to delete your personal information from our active systems within a reasonable timeframe, unless retention is required for legal or legitimate business purposes.

8. Children's Privacy

Our Service is not directed to individuals under the age of 13 (or a higher age threshold where applicable under local law). We do not knowingly collect personal information from children under this age. If we become aware that a child under this age has provided us with personal information, we will take steps to delete such information.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: [email protected]